Skip to:

  1. Skip to Jira Navigation
  2. Skip to Side Navigation
  3. Skip to Main Content

AGL MEDIAPLAYER Crash(vulnability)

Description

Automotive Grade Linux(AGL) MEDIAPLAYER Crash

 

Download the latest version of AGL : https://download.automotivelinux.org/AGL/release/octopus/latest/raspberrypi4/deploy/images/raspberrypi4-64/

(This version is referred to as the release version.)

 

I ran the image on Raspberry Pi 4 and found a bug in the mediaplayer.

 

I put about 10,000 normal mp3 files on USB.

Then I chose to play it on AGL's MEDIAPLAYER.

 

AGL mounts the USB and adds the saved mp3 in usb file to the playlist.

When there are about 10000 files in the process, AGL’s mediaplayer (not MDP) crashes and ends (sig=6).

 

When the test was conducted with 5000 mp3 files, not crash

 

I think the cause of Crash is AGL's mediaplayer.

Because, after crash, mediaplayer is terminated, but MDP is still running.

 

 

The normal file I used is a sample.mp3 file (playable anywhere).

I created 10000 files using the Python code for normal files.

 

```
import shutil
for idx in range(0,10000):
shutil.copy2("./sample.mp3", "./sample"str(idx)".mp3")
```

 

I hope you will acknowledge this as a vulnerability.
Thanks.

Environment

None

Attachments

4

Activity

Show:

Scott Murray 
May 11, 2023 at 12:44 PM

Resolving as won't fix, as trying to handle the usecase is IMO outside the scope of the demo, and would require switching away from MPD or some significant work on its file parsing upstream.

Walt Miner 
May 10, 2023 at 9:12 PM

  It looks like we can close this one. 

euntaejang 
February 24, 2023 at 12:10 AM

I agree and respect your opinion.
Thank you !!

Scott Murray 
February 23, 2023 at 7:47 PM

So I did manage to reproduce this finally by switching to an older USB drive using VFAT.  What happens is:

  1. mpd is started as a dependency of mediaplayer by systemd

  2. on startup it sits and looks at all 10000 files before completing daemonizing and/or letting systemd know it has started

  3. systemd times out on starting the mpd unit and stops it

  4. systemd starts mediaplayer

  5. the code that attempts to connect to mpd in mediaplayer (actually in libqtappfw) cannot (since mpd is not running), and calls qFatal, which is effectively an assert, hence the coredump

So to some degree the libqtappfw code is doing what it was intended to do when it was written, i.e. it treats not being able to connect to mpd on start up as a fatal error.  I could attempt to refactor things to have libqtappfw not do that, but it's not obvious if that is worth the effort or not.  libqtappfw and the mediaplayer app are purely demo software that aren't intended for production use as is; AGL members are likely not interested in investing the effort to make them bulletproof as none of them would use the code in products.  There may be some room to tinker with the systemd configuration to try to keep mediaplayer from starting, but since the end result is likely roughly the same (i.e. mediaplayer will fail to start), it's also not clear where it's worth investigating.

euntaejang 
February 20, 2023 at 12:17 AM

Just 8GB !

Won't Fix

Details

Assignee

Reporter

Labels

Hardware Platform(s) Affected

Raspberry Pi 4

Components

Due date

Priority

Created January 2, 2023 at 1:44 AM
Updated May 11, 2023 at 9:55 PM
Resolved May 11, 2023 at 12:44 PM